Defence Assurance and Information Security: defence industry/list X
Details of the responsibilities and processes of the Defence Assurance and Information Security (DAIS).
DAIS defence industry ICT accreditation
A role of DAIS is to provide a range of support to defence and its industry partners to achieve accreditation, including:
- oversight, tracking and provision of management information for all defence accreditation activity
- advice and guidance on the subject of accreditation
- assessment of evidence and Risk Management Accreditation Document Sets (RMADS)
- final sign-off and provision of a certificate of accreditation
Accreditation confirms that information and communication technology (ICT) systems embody appropriate security to allow MOD information to be stored and processed with an acceptable level of risk.
The Defence Assurance Risk Tool (DART) (opens DART for those with RLI access) must be used to register all ICT systems owned or used by MOD industry partners, where those ICT systems are either connected to HMG networks or store or process OFFICIAL-SENSITIVE information or more highly classified information. These ICT systems must be accredited before use and subsequently have their security managed thereafter.
The authorities responsible for the systems requiring accreditation must ensure that this accreditation is obtained before storing or processing MOD information.
DAIS is the sponsor of the accreditation process for MOD, providing support and advice and overseeing accreditation activity across defence. The system, or a subset of a system, requiring accreditation is known as a target of assurance (TOA).
All requests to accredit ICT are processed through the Defence Assurance Risk Tool (DART), which enables the tracking of TOAs and the provision of management information.
The DART methodology includes a triage process that takes account of risk and assigns one of the following assessment paths:
- DAIS assessment
- MOD Top Level Budget Holder accreditor assessment
- self assessment and provision of evidence to DAIS
Accreditation requires the provision of evidence and approval through the Defence Assurance and Information Security (DAIS) team (opens for those with RLI access) or delegated authority processes and a DART produced certificate to be provided.
Start accrediting your ICT system
- register the system/application that requires accreditation (opens DART for those with RLI access)
- if you have not used DART before, you will need to register first by clicking on ‘New Account’; if you have, click ‘Login
- follow the instructions within the tool; if you get stuck, open the user guide by clicking on the ‘?’ icon at the top of the screen
If you do not have access to the RLI, you will not be able to access DART directly. In this circumstance:
- save a copy of the relevant DAIS accreditation request form and annexes to a suitable location
- remember that information categorised as OFFICIAL-SENSITIVE or above must not be transmitted in clear over the Internet
- post the completed accreditation request forms to:
Service Delivery Team,
DAIS, Room X007,
Get advice and guidance on accreditation in general
Call our customer support line on 01480 446311 or 95371 4564 or email email@example.com.
Find out who the accreditor is for your system
- login to DART (opens DART for those with RLI access) and click on the ‘+’ sign against the relevant line item to ascertain to whom the submission has been allocated
- the link above will provide you with access to the ‘Survey Responder’ element of DART, which is required in order to register either a system for accreditation or an risk balance case (RBC). Accreditors, and those with a need to view multiple Targets of Accreditation or RBCs, will require access to DART CMS (case management system). Applications for DART CMS accounts should be submitted through the DAIS contact point
- if you do not have a DART account but need to know, call our customer support line on 01480 446311 or 95371 4564 or e-mail firstname.lastname@example.org
Joint Security Co-ordination Centre (JSyCC)
The JSyCC enables ‘defence information assurance’ assessment through the conduct and coordination of MOD information security incident management and related risk analysis activity.
Additionally, it is a focal point for ‘information security alerts’ and associated ‘warning and response’ activities.
We are responsible for
- operational co-ordination and management of the immediate response, warning and reporting, including the investigative oversight and follow-up actions, for all reported Defence information assurance/information security incidents involving the loss, compromise or leakage of protectively marked official information and/or equipment
- operational information security risk management, trend analysis and related policy. This includes the management of the MOD Information Security Incident Reporting Scheme (MISIRS) and supporting database, together with the drafting of responses to Parliamentary Questions, Freedom of Information (FOI) requests etc
- the provision of the Defence industry warning and reporting point (WARP) responsible for the coordination of the response and management of all Defence industry information security incidents, including List X
- the coordination of all law enforcement and counter intelligence for information security incidents
If you want to know more about JSyCC, use the contact details below:
X017, Bazelgette Pavilion
Cambs, PE28 2EA
Point of Contact: JSyCC Ops 0306 770 2187
JSyCC Duty Officer (out of hours) 07768 558 863
Published: 12 December 2012
Updated: 7 August 2017
- Added updated information on DAIS defence industry ICT accreditation.
- Updated contact details.
- Updated DAIS content.
- Updated name of organisation to Defence Assurance and Information Security (DAIS).
- Updated contact details
- New form added
- First published.
From: Ministry of Defence
Related guides: Defence Equipment and Support Principal Security Advisor